Sunday, January 13, 2013

How to: Multiple Server Setup with Active Directory, SharePoint 2010 and SQL Server 2008 in different boxes

Hi all,

In most of the production environments, we typically have separate Domain Controller, SharePoint Server 2010 and SQL Server 2008. I have recently built a test environment for SharePoint Server 2010 and this is my demo topology:


In this diagram above I have set up:

a) Domain controller with static IP address of 192.168.10.1 
b) SharePoint Server 2010  with static IP address of 192.168.10.2
c) SQL Server 2010 with static IP address of 192.168.10.3 

The prerequisites are as follows:

  • The servers should be in the same domain.
  • Static, unique IP addresses for each server.
  • Network discovery should be enabled on each server.
  • Local administrative rights on each server.

My test environment is as follows:
  • Domain Controller - Windows Server 2008 R2 SP1 and allocated 1 GB RAM. 
  • SQL Server -  Windows Server 2008 R2 SP1, SQL Server 2008 SP1 and allocated 1 GB RAM. 
  • SharePoint Server 2010: Windows Server 2008 R2 SP1, and allocated 1.5 GB RAM. 

Since my host machine has only 8 GB RAM and all three servers have to run simultaneously, I created this scaled-down server setup. Please note that the TechNet article on hardware and software requirements (SharePoint Server 2010) differs from my setup: it recommends a minimum of 4 GB RAM for SharePoint Server 2010 and 8 GB RAM for SQL Server 2008 R2.

A) Domain Controller 

I used Oracle VirtualBox as the virtualization platform for building the test environment; please follow my previous blog post for those steps. For setting up Active Directory, please follow my previous blog post How to: Install and Configure SharePoint 2010 - Part 1 up to Step 29.


AD Static IP address
I had written a detailed blog post (How to: Multiple Server Setup for SharePoint 2010) about networking concepts.

B) SQL Server 2008 set up

After completing the configuration of the Domain Controller, I moved on to setting up SQL Server 2008.
It is a fresh installation; I added the Active Directory Domain Services role and was presented with the AD welcome wizard.




From the AD deployment configuration wizard, I chose "Existing forest" and checked "Create a new domain in an existing forest". I didn't select the first option as I'm not adding an additional domain controller to SQL Server 2008.

Creating a new domain in an existing forest. 

On the next screen the domain is pre-filled. When I clicked "Set...", I was prompted for network credentials and keyed in the login details.


I watched an excellent video about how to add a new child domain (YouTube: Active Directory adding a child domain). I set the single-label DNS name of the child domain to sql, as illustrated below:

Adding a child domain

However, when I clicked the "Next" button I got an error:
Failed to examine the active directory forest ldap_search() failed err=52. 

I tried to find out whether anyone else had faced this issue, but the error code was different when I Googled it. I re-examined the Domain Controller, clicked on Computers and found that the SQLDB server was indeed listed. I right-clicked the SQLDB server, navigated to the Delegation tab, checked "Trust this computer for delegation to specified services" and clicked "OK".



I moved back to the SQL Server box, created the child domain again, and the error went away.


On the next screen, I kept the default settings.



Since I already have DNS on the domain controller, I unchecked "DNS server" option and hit the "Next" button.


The wizard prompted me with the following warning message, and I clicked "Yes".



The remaining screens of the AD wizard are similar.







Navigate to the Start >> Administrative Tools >> Active Directory Users and Computers 


From the top menu go to "Action" and select "Change Domain" to verify that the SharePoint accounts created on the domain controller exist.



Click on the "Browse" button to view the child domain (sql) and the parent domain (contoso). Select the "Contoso" parent domain and click the OK button.



Clearly our SharePointAccounts exist and are visible from the SQL Server box.


Open the SQL Server 2008 ISO media and follow similar steps as in my previous blog post (How to: Install and Configure SharePoint 2010 - Part 2) up to Step 16.
  


C) SharePoint Server 2010 set up

It is again a fresh installation, and this time I chose the "Application Server" and "Web Server" roles. Please note that I have NOT chosen "Active Directory Domain Services", as I will connect to the domain controller at a later stage.


From the AD deployment configuration wizard, I chose "Existing forest" and checked "Create a new domain in an existing forest". I didn't select the first option as I'm not adding an additional domain controller to SharePoint Server 2010. 


Creating a new domain in an existing forest.


Since I already have DNS on the domain controller, I unchecked "DNS server" option and hit the "Next" button. 


From the top menu go to "Action" and select "Change Domain" to verify if our SharePoint accounts that are in the domain controller exist. 


Open the SharePoint Server 2010 ISO and install the SharePoint 2010 prerequisites.

Now I connect SharePoint Server 2010 to the Domain Controller.


I had already done the same step on the SQL Server 2008 box, so all three boxes are now connected.
When I ran the SharePoint PSConfig, specified the database settings and the database access account, and clicked "Next", I got an error:



Cannot connect to database master at SQL Server at the sqldb.contoso.com. The database might not exist, or the current user does not have permission. 

I knew the SQL Server box does exist, so I ruled out the first option.
The current user is contoso\administrator in this case.

I gave contoso\administrator the "dbcreator", "securityadmin" and "sysadmin" server roles on the SQL Server box.



However, even after giving contoso\administrator these permissions and running PSConfig on the SharePoint 2010 box again, I got the same error.


I found a very useful tip in an Eric Harlan blog post: I had to open a port on the SQL Server so that SharePoint is able to contact it.

On the SQLDB server, open Start >> Control Panel >> Windows Firewall and from the left menu choose "Advanced Settings".

Select "Inbound Rules" and on the Actions pane create a "New Rule".

Select "Port" and click "Next".


On the "Protocols and Ports" screen, select "TCP" and in "Specific local ports" type in "1433-1434".


On the "Action" screen, check "Allow the connection".


On the "Profile" screen, check all three options.



Give the rule a name and click on the "Finish" button.
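The same firewall rule as a script, an example I have added rather than the post's own steps: it uses netsh (the built-in tool on Windows Server 2008 R2), narrows the rule to the SharePoint server's address and the Domain profile instead of any source on all three profiles, and then checks the port from the SharePoint box. The rule name and the 3-second timeout are my assumptions; the addresses and host name are the post's.

```powershell
# Added example (not from the post): the inbound SQL Server rule from the steps above, scoped
# to the SharePoint server instead of any source, plus a port check from the SharePoint box.

# ---- Run on the SQL Server box (SQLDB, 192.168.10.3) as a local administrator ----
$SharePointIp = '192.168.10.2'            # the only box that needs to reach SQL Server
$RuleName     = 'SQLServer-SharePointWFE' # assumed rule name (no spaces, so netsh parses it cleanly)

# Same ports as the post (TCP 1433-1434), but limited to the SharePoint server's address and to
# the Domain profile, since all three boxes are domain-joined. netsh is used because the
# New-NetFirewallRule cmdlets do not exist on Windows Server 2008 R2.
# Note: SQL Browser listens on UDP 1434; a named instance would need a separate UDP rule.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localport=1433-1434 remoteip=$SharePointIp profile=domain

# Display the rule so the remote-address scope can be verified
netsh advfirewall firewall show rule name=$RuleName verbose

# ---- Run on the SharePoint Server 2010 box (192.168.10.2) ----
function Test-TcpPort {
    # Opens a TCP connection with a timeout; Test-NetConnection is not available on 2008 R2
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)  # timeout is an assumption
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# PSConfig failed with "Cannot connect to database master at SQL Server at the sqldb.contoso.com";
# this separates a blocked port from a permissions problem on the SQL side.
if (Test-TcpPort -ComputerName 'sqldb.contoso.com' -Port 1433) {
    'TCP 1433 on sqldb.contoso.com is reachable: the error is not the firewall'
} else {
    'TCP 1433 on sqldb.contoso.com is blocked: check the firewall rule and the SQL TCP listener'
}
```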



Log on as contoso\administrator on both the SQL Server and the SharePoint Server 2010 box and verify that the account has local administrator rights by navigating Start >> Run >> netplwiz.

On SQL Server:


On SharePoint Server 2010: 

   

Fire up PSConfig on the SharePoint 2010 box; I was presented with SharePoint's passphrase wizard. Type in the passphrase and click the "Next" button.


On the next screen I specified the SharePoint Central Administration Web Application and clicked the "Next" button.


The summary screen will be displayed and SharePoint will be installed.



Having separate SharePoint Server and SQL Server boxes increases the scalability of the SharePoint farm.


Cheers, 
--Aaroh 

Tuesday, January 1, 2013

How to: Setting up NLB in SharePoint 2010 farm

Hi All, 

In my previous blog post, I described how to set up a two-tier SharePoint 2010 farm by adding an additional web front end. Spence Harbar has written an extremely informative article about SharePoint's high availability and network load balancing (NLB), and recommends having Central Administration on more than one server in the farm.


The main purpose of NLB is to provide high availability to the SharePoint 2010 farm by distributing the web front end load. I wanted to learn how the NLB feature of Windows Server 2008 R2 works, hence this post. As I have limited knowledge of the Windows NLB feature, I read the MSDN documentation and watched a couple of screencasts on YouTube. One of the YouTube videos was very useful: I watched the complete video, and the PowerPoint presentation was indeed a good resource for me. These are excerpts from his presentation.

--------------------------------------------------------
Basics of NLB

What is load balancing?
A system that increases the scalability and high availability of the servers that provide access to data.

Other NLB methods:
>> A virtual IP address (VIP) is used to distribute requests between multiple servers
>> Not suitable for all applications

What is Windows NLB?
>> A fully distributed software solution for load balancing
>> Included with all versions of Windows Server 2008

Requirements for Windows NLB:
>> At least one network adapter for load balancing
>> Only TCP/IP on the NLB adapter
>> All NLB nodes on the same subnet

What are port rules?
Port rules specify how requests to a certain IP address and port range are handled.
Port rules define:
>> Filtering mode
>> Affinity
>> Load weight
>> Handling priority

What is the filtering mode?

Filtering mode           Description
Single host              Only the NLB node with the highest priority responds
Disable this port range  All traffic for this port range is blocked
Multiple hosts           All NLB nodes respond based on the weight assigned to each node

What is affinity?

Affinity controls how requests from a client are distributed among multiple nodes in an NLB cluster.

Affinity   Description
None       Each client request could be distributed to any node
Single     All requests from a single client are directed to a single node
Network    Client requests are directed to the closest node on the basis of subnet

 ------------------------------------------------------------------------

Scenario: 


NLB is a feature that can be installed on any Windows Server 2008 system and is optimized for IIS. It provides a basic level of software load balancing. The scenario is that we have two or more web front ends (a SharePoint 2010 farm) with two or three IP addresses participating in load balancing; we present a single virtual IP to our users, and NLB decides by priority which web front end serves them. NLB reduces the load on a single web front end and provides quality of service to users.



      
In the topology above there are two servers, SP2010WFE1 and SP2010WFE2, and we will install the NLB feature on both machines. We present to our users a single virtual server with the host name portal and the IP address 192.168.10.10.


Step 1: Adding the NLB feature


Add the NLB feature on both SP2010WFE1 and SP2010WFE2, as the NLB feature has to be installed on both machines.







Step 2: Creating the cluster


Navigate to Start >> Administrative Tools >> Network Load Balancing Manager on the SP2010WFE1 server and right-click to create a "New Cluster".




The host is the first server, i.e. SP2010WFE1.


The priority is set for the first server.



Now we set up the cluster IP address, also called the virtual IP address (VIP). This must be an IP address that is NOT already taken; we cannot use the addresses of SP2010WFE1 or SP2010WFE2, and it should be unique. I used the new IP address 192.168.10.10 as the cluster IP address.


In the cluster IP configuration, I supplied the full internet name portal.contoso.com (I will create a DNS entry in a later step) and set the cluster operation mode to Multicast.


I kept the default settings and clicked the "Finish" button.



Note: In a production environment we normally restrict this, because only the intended NLB nodes and ports should participate; the port rules can be customized for that. In my example I have only two nodes, i.e. SP2010WFE1 and SP2010WFE2, so I kept the default settings.


Now, we add the second server (SP2010WFE2). 







I set this server's priority to 2.



Now we wait for both nodes to converge; keep refreshing NLB Manager until both nodes show as converged.


We now switch to the SP2010WFE2 server and observe that both cluster nodes have converged automatically. Please note that it will take some time for the nodes to converge.
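The cluster from Steps 1 and 2 built with the NetworkLoadBalancingClusters module that ships with Windows Server 2008 R2, as an added example (not the post's own procedure). It also shows the tightened port rules the production note above refers to, which goes beyond the default settings kept in the post. The interface name 'Local Area Connection' and the /24 subnet mask are assumptions; host names and addresses are the post's.

```powershell
# Added example (not from the post): the two-node cluster from Steps 1 and 2, scripted with the
# NetworkLoadBalancingClusters module of Windows Server 2008 R2. Run on SP2010WFE1 after the
# NLB feature has been added on both nodes.
Import-Module NetworkLoadBalancingClusters

$Nic = 'Local Area Connection'   # assumed name of the NLB-facing adapter on both nodes

# Cluster IP 192.168.10.10, full internet name portal.contoso.com, multicast mode, as in the post.
# The /24 subnet mask is an assumption.
New-NlbCluster -HostName 'SP2010WFE1' -InterfaceName $Nic `
    -ClusterName 'portal.contoso.com' -ClusterPrimaryIP '192.168.10.10' `
    -SubnetMask '255.255.255.0' -OperationMode Multicast

# Add SP2010WFE2 as the second node and give it priority 2, as in the post
Add-NlbClusterNode -InterfaceName $Nic -NewNodeName 'SP2010WFE2' -NewNodeInterface $Nic
Set-NlbClusterNode -HostName 'SP2010WFE2' -HostPriority 2

# Production note: the default port rule balances every port (0-65535) on the VIP. Replace it
# with rules for the ports the web front ends actually serve; single affinity keeps a client's
# session on one node. This goes beyond the post, which kept the default rule in the lab.
Get-NlbClusterPortRule -HostName 'SP2010WFE1' | Remove-NlbClusterPortRule
foreach ($port in 80, 443) {
    Add-NlbClusterPortRule -HostName 'SP2010WFE1' -StartPort $port -EndPort $port `
        -Protocol TCP -Mode Multiple -Affinity Single
}

# Wait for convergence instead of refreshing NLB Manager by hand
function Wait-NlbConverged {
    param([string]$HostName = 'SP2010WFE1', [int]$MaxWaitSeconds = 300)  # timeout is an assumption
    $deadline = (Get-Date).AddSeconds($MaxWaitSeconds)
    do {
        Start-Sleep -Seconds 5
        $nodes   = @(Get-NlbClusterNode -HostName $HostName)
        $pending = @($nodes | Where-Object { $_.State -ne 'Converged' })
    } until ($pending.Count -eq 0 -or (Get-Date) -gt $deadline)
    $nodes | Format-Table Name, HostID, State -AutoSize
    return ($pending.Count -eq 0)
}
Wait-NlbConverged
```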




Step 3: Creating a DNS entry


Create an "A record" on the SP2010WFE1 server within the "Forward Lookup Zones" and type in:

Name: portal
IP Address: 192.168.10.10 (virtual IP address)



Step 4: IIS Settings


On the IIS manager, right click on "SharePoint - 80" web application >> Edit Bindings >> Add a new host name.






Perform an IIS reset on both machines by navigating Run >> cmd >> IISRESET.

Step 5: Logging into SharePoint Central Administration

Navigate to SharePoint 2010 Central Administration >> System Settings >> Configure alternate access mappings, choose the correct web application and under the "Default" zone type in: http://portal/




and then browse to http://portal.contoso.com



I tried the administrator login credentials numerous times, but my attempts were in vain. I researched again and tried to get the NLB cluster working, and found a workaround in several blog posts about the same issue.

Step 6: DisableLoopbackCheck on Windows Server 2008 R2

What is the issue?
According to Spence Harbar, Windows Server 2003 SP1 and Windows Server 2008 introduced a loopback security check, which he describes as a Microsoft security feature. Please refer to his blog for more details.

I faced the same issue: when I typed in http://portal.contoso.com, I was constantly prompted for the username and password. Microsoft KB article 896881 covers this, and I followed Method 2. It fixed the issue for me.
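The loopback-check fix as a script, added here and not part of the original post. It provides the global switch the post used (Method 2) as one function, and the narrower BackConnectionHostNames list (Method 1 of the same KB article), which exempts only the farm's own host names and is the setting to prefer on a production web front end. The host names are the post's; the function names are my assumptions.

```powershell
# Added example (not from the post): the loopback-check registry settings for the NLB host
# names, to run as an administrator on each web front end (SP2010WFE1 and SP2010WFE2).
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$MsvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$FarmHostNames = @('portal', 'portal.contoso.com')   # the names used in DNS, the IIS binding and AAM

function Set-LoopbackExemption {
    # Method 1: BackConnectionHostNames (REG_MULTI_SZ) lists the host names that may authenticate
    # against the local server; the check stays active for every other name.
    param([string[]]$HostNames)
    $existing = @()
    $current = Get-ItemProperty -Path $MsvKey -Name BackConnectionHostNames -ErrorAction SilentlyContinue
    if ($current) { $existing = @($current.BackConnectionHostNames) }
    $merged = @(($existing + $HostNames) | Sort-Object -Unique)
    Set-ItemProperty -Path $MsvKey -Name BackConnectionHostNames -Value $merged -Type MultiString
    # Clear the global switch if earlier troubleshooting left it on
    Remove-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    return $merged
}

function Disable-LoopbackCheckGlobally {
    # Method 2, which the post applied: DisableLoopbackCheck=1 turns the check off for all names
    Set-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -Value 1 -Type DWord
}

function Get-LoopbackCheckState {
    # Shows which of the two settings is in place so the state can be audited later
    $disabled = (Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue).DisableLoopbackCheck
    $names    = (Get-ItemProperty -Path $MsvKey -ErrorAction SilentlyContinue).BackConnectionHostNames
    New-Object PSObject -Property @{ GloballyDisabled = ($disabled -eq 1); ExemptHostNames = @($names) }
}

Set-LoopbackExemption -HostNames $FarmHostNames | Out-Null
Get-LoopbackCheckState
# Method 1 takes effect after restarting the IIS Admin service; Method 2 after restarting the server.
```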

Step 7: Failover

To test the NLB cluster, I navigated to the SP2010WFE1 server and stopped it.



I was able to browse at both SP2010WFE1 and SP2010WFE2.


If I stopped both nodes, I was not able to browse at either of the SharePoint web front ends.


I hope this blog post helps you.

Cheers, 
--aaroh  

  

References:
1) Clustering and High-Availability (MSDN)
2) Network Load Balancing Windows Server 2008 (YouTube: Arabic)
3) How to Setup Load Balance in SharePoint 2010 Farm
4) SharePoint Central Administration: High Availability, Load Balancing, Security & General Recommendations (Harbar)

Disable loopback check
5) SharePoint disable loopback check
6) DisableLoopbackCheck & SharePoint: What every admin and developer should know. (Harbar)
7) Disable the loopback check (MSDN)
